AzureKeyVault@1 - Azure Key Vault v1 task
Use this task to download secrets, such as authentication keys, storage account keys, data encryption keys, .PFX files, and passwords from an Azure Key Vault instance. The task can be used to fetch the latest values of all or a subset of secrets from the vault and set them as variables that can be used in subsequent tasks of a pipeline. The task is Node-based and works with agents on Linux, macOS, and Windows.
Use this task to download secrets, such as authentication keys, storage account keys, data encryption keys, .PFX files, and passwords from an Azure Key Vault instance. The task can be used to fetch the latest values of all or a subset of secrets from the vault and set them as variables that can be used in subsequent tasks of a pipeline. The task is Node-based and works with agents on Linux, macOS, and Windows.
Syntax
# Azure Key Vault v1
# Download Azure Key Vault secrets.
- task: AzureKeyVault@1
inputs:
azureSubscription: # string. Alias: ConnectedServiceName. Required. Azure subscription.
KeyVaultName: # string. Required. Key vault.
SecretsFilter: '*' # string. Required. Secrets filter. Default: *.
#RunAsPreJob: false # boolean. Make secrets available to whole job. Default: false.
# Azure Key Vault v1
# Download Azure Key Vault secrets.
- task: AzureKeyVault@1
inputs:
azureSubscription: # string. Alias: ConnectedServiceName. Required. Azure subscription.
KeyVaultName: # string. Required. Key vault.
SecretsFilter: '*' # 'EditableOptions'. Required. Secrets filter. Default: *.
#RunAsPreJob: false # 'EditableOptions'. Make secrets available to whole job. Default: false.
# Azure Key Vault v1
# Download Azure Key Vault secrets.
- task: AzureKeyVault@1
inputs:
azureSubscription: # string. Alias: ConnectedServiceName. Required. Azure subscription.
KeyVaultName: # string. Required. Key vault.
SecretsFilter: '*' # 'EditableOptions'. Required. Secrets filter. Default: *.
# Azure Key Vault v1
# Download Azure Key Vault Secrets.
- task: AzureKeyVault@1
inputs:
azureSubscription: # string. Alias: ConnectedServiceName. Required. Azure subscription.
KeyVaultName: # string. Required. Key vault.
SecretsFilter: '*' # 'EditableOptions'. Required. Secrets filter. Default: *.
Inputs
azureSubscription - Azure subscription
Input alias: ConnectedServiceName. string. Required.
The service connection for the Azure subscription that either contains the Azure Key Vault instance or creates a new connection. Learn more about connecting to Azure.
KeyVaultName - Key vault
string. Required.
The name of the Azure Key Vault that contains the secrets to download.
SecretsFilter - Secrets filter
string. Required. Default value: *.
Downloads secret names according to the entered value. The value can be the default value to download all secrets from the selected key vault, or a comma-separated list of secret names.
SecretsFilter - Secrets filter
string. Required. Allowed values: EditableOptions (True). Default value: *.
Downloads secret names according to the entered value. The value can be the default value to download all secrets from the selected key vault, or a comma-separated list of secret names.
RunAsPreJob - Make secrets available to whole job
boolean. Default value: false.
Runs the task before the job execution begins. Exposes secrets to all tasks in the job, not just tasks that follow this one.
RunAsPreJob - Make secrets available to whole job
boolean. Allowed values: EditableOptions (True). Default value: false.
Runs the task before the job execution begins. Exposes secrets to all tasks in the job, not just tasks that follow this one.
Task control options
All tasks have control options in addition to their task inputs. For more information, see Control options and common task properties.
Output variables
None.
Remarks
Works with cross-platform agents (Linux, macOS, or Windows).
There is a newer version of the Azure Key Vault task available.
I get a forbidden error on pipelines at the point of getting credentials from Azure Key Vault
This occurs if the required permissions are missing in the Azure key vault. To resolve the issue, add an access policy with the correct permissions.
Requirements
| Requirement | Description |
|---|---|
| Pipeline types | YAML, Classic build, Classic release |
| Runs on | Agent, DeploymentGroup |
| Demands | None |
| Capabilities | This task does not satisfy any demands for subsequent tasks in the job. |
| Command restrictions | Any |
| Settable variables | Any |
| Agent version | 2.0.0 or greater |
| Task category | Deploy |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for